Home

serviceentry

ServiceEntry is a custom resource used in the Istio service mesh to extend service discovery beyond the Kubernetes cluster or beyond services that are not registered in Istio’s default registry. By declaring a ServiceEntry, operators describe external or non-native services so that Envoy proxies within the mesh can route to and from them with Istio traffic management, policy, and telemetry applied consistently.

A ServiceEntry typically defines hosts, location, ports, resolution, and optional endpoints. The hosts field lists the

Behavior and usage: After a ServiceEntry is created, VirtualService and DestinationRule resources can route traffic to

Common use cases include connecting to external APIs, accessing partner services, or integrating with legacy systems

DNS
names
of
the
service.
The
location
specifies
whether
the
service
is
inside
the
mesh
(MESH_INTERNAL)
or
outside
it
(MESH_EXTERNAL).
The
ports
section
defines
the
service’s
port
numbers,
names,
and
protocols.
The
resolution
field
indicates
how
the
service
is
discovered,
with
common
options
such
as
DNS,
STATIC,
or
NONE.
For
STATIC
resolution,
endpoints
are
provided
to
list
concrete
addresses
and
port
mappings
that
should
be
used
to
reach
the
service.
An
addresses
field
may
be
used
to
predefine
IP
blocks
for
the
service
within
the
mesh.
The
exportTo
field
controls
which
namespaces
can
reference
this
ServiceEntry.
the
declared
host.
For
external
services,
traffic
may
be
managed
through
the
standard
Istio
egress
model,
potentially
via
an
Egress
Gateway,
allowing
to
apply
TLS
settings,
mTLS,
and
other
traffic
policies
to
external
endpoints.
and
databases
outside
the
cluster
while
maintaining
consistent
observability
and
control
within
the
mesh.